Overview
The plugin includes two categories of skills:
- 6 Vulnerability Scanners - Platform-specific attack pattern detection
- 5 Development Guidelines Assistants - Secure development best practices
Installation
Supported Blockchains
- Algorand - TEAL/PyTeal smart contracts
- Cairo - StarkNet contracts
- Cosmos - Cosmos SDK modules
- Solana - Native Rust & Anchor programs
- Substrate - Substrate pallets
- TON - FunC smart contracts
Vulnerability Scanners
Platform-specific vulnerability detection based on Trail of Bits’ Not So Smart Contracts repository.
Algorand Vulnerability Scanner
Skill: /algorand-vulnerability-scanner
Scans Algorand/TEAL codebases for 11 vulnerability patterns:
- Rekeying vulnerabilities
- Unchecked transaction fees
- Asset closing issues
- Group size checks
- Time-based replay attacks
- CloseRemainderTo validation
- AssetCloseTo validation
- Transaction type confusion
- Improper escrow handling
- Fee manipulation
- Lease validation issues
Cairo Vulnerability Scanner
Skill: /cairo-vulnerability-scanner
Analyzes StarkNet/Cairo smart contracts for 6 vulnerability patterns:
- Arithmetic overflow/underflow
- Reentrancy vulnerabilities
- Uninitialized storage
- Authorization bypass
- Improper access control
- State manipulation issues
Cosmos Vulnerability Scanner
Skill: /cosmos-vulnerability-scanner
Detects security issues in Cosmos SDK modules for 9 patterns:
- Undelegation time validation
- Amount validation issues
- Unbonding validation
- Rounding issues in calculations
- Delegation state manipulation
- Validator set manipulation
- Slashing bypass
- Reward distribution errors
- Token minting vulnerabilities
Solana Vulnerability Scanner
Skill: /solana-vulnerability-scanner
Scans Solana/Anchor programs for 6 critical vulnerabilities:
- Arbitrary CPI - User-controlled program IDs in cross-program invocations
- Improper PDA Validation - Using create_program_address without canonical bump
- Missing Ownership Check - Deserializing accounts without owner validation
- Missing Signer Check - Authority operations without is_signer verification
- Sysvar Account Check - Spoofed sysvar accounts (pre-Solana 1.8.1)
- Improper Instruction Introspection - Absolute indexes allowing reuse attacks
Supports both native Solana programs and Anchor framework. Integrates with Trail of Bits Solana Lints when available.
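As an added illustration, not code from the plugin or from Trail of Bits, the block below is a small guard-presence scanner in the spirit of the Algorand and Solana scanners described above. Each rule pairs a trigger (code that makes a check necessary) with the guard that must accompany it, and a rule fires when the trigger appears in a file without its guard. The rule set covers four of the Algorand logic-signature checks (RekeyTo, Fee, CloseRemainderTo, AssetCloseTo) and four of the Solana checks (signer, owner, canonical PDA, CPI target). The TEAL and Rust samples are constructed for the example; identifiers such as VaultState and withdraw_ix are placeholders, and the regexes are assumptions about how these checks are typically written, not the plugin's own detection logic.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    trigger: str  # regex: the rule applies when this matches somewhere in the file
    guard: str    # regex: the defensive check that must then also be present
    message: str


def scan(source: str, rules: tuple) -> list:
    """Return (rule name, line of first trigger, message) for every rule whose
    trigger appears in `source` but whose guard does not. File scoped: a guard
    anywhere satisfies it, so this finds absent checks, not misplaced ones."""
    findings = []
    for rule in rules:
        hit = re.search(rule.trigger, source, re.MULTILINE)
        if hit is None or re.search(rule.guard, source, re.MULTILINE):
            continue
        findings.append((rule.name, source.count("\n", 0, hit.start()) + 1, rule.message))
    return findings


# Algorand logic signatures (stateless TEAL): any approved transaction must pin the
# fields that would otherwise let the submitter take over or drain the account.
TEAL_LOGICSIG_RULES = (
    Rule("rekey-to", r"^#pragma version", r"^\s*txn RekeyTo\b",
         "RekeyTo is never compared to global ZeroAddress"),
    Rule("unchecked-fee", r"^#pragma version", r"^\s*txn Fee\b",
         "Fee is never bounded, so the balance can be burned through fees"),
    Rule("close-remainder-to", r"^\s*int pay\b", r"^\s*txn CloseRemainderTo\b",
         "payment approved without checking CloseRemainderTo"),
    Rule("asset-close-to", r"^\s*int axfer\b", r"^\s*txn AssetCloseTo\b",
         "asset transfer approved without checking AssetCloseTo"),
)

# Native Solana programs (Rust): four of the checks listed for the Solana scanner.
SOLANA_RULES = (
    Rule("missing-signer-check", r"next_account_info\(", r"\.is_signer\b",
         "accounts consumed but no account is checked for is_signer"),
    Rule("missing-ownership-check", r"try_from_slice\(|::unpack\(", r"\.owner\s*[!=]=",
         "account data deserialized without comparing account.owner to the program id"),
    Rule("improper-pda-validation", r"create_program_address\(", r"find_program_address\(",
         "create_program_address with a caller-supplied bump; derive via find_program_address"),
    Rule("arbitrary-cpi", r"\binvoke(?:_signed)?\(", r"\.key\s*[!=]=\s*&?\w+::(?:ID|id\(\))",
         "invoke target program is never compared to a known program id"),
)

# Constructed samples (not real contracts): a TEAL logic signature and a native
# Solana instruction handler, each with and without the guards.
VULNERABLE_TEAL = """\
#pragma version 6
txn TypeEnum
int pay
==
txn Amount
int 1000000
<=
&&
"""
HARDENED_TEAL = VULNERABLE_TEAL + """\
txn RekeyTo
global ZeroAddress
==
&&
txn CloseRemainderTo
global ZeroAddress
==
&&
txn Fee
int 1000
<=
&&
"""
VULNERABLE_RS = """\
let iter = &mut accounts.iter();
let vault = next_account_info(iter)?;
let authority = next_account_info(iter)?;
let token_program = next_account_info(iter)?;
let state = VaultState::try_from_slice(&vault.data.borrow())?;
let pda = Pubkey::create_program_address(&[b"vault", &[data[0]]], program_id)?;
invoke(&withdraw_ix, &[vault.clone(), authority.clone(), token_program.clone()])?;
"""
HARDENED_RS = """\
let iter = &mut accounts.iter();
let vault = next_account_info(iter)?;
let authority = next_account_info(iter)?;
let token_program = next_account_info(iter)?;
if !authority.is_signer { return Err(ProgramError::MissingRequiredSignature); }
if vault.owner != program_id { return Err(ProgramError::IncorrectProgramId); }
if token_program.key != &spl_token::id() { return Err(ProgramError::IncorrectProgramId); }
let state = VaultState::try_from_slice(&vault.data.borrow())?;
let (pda, _bump) = Pubkey::find_program_address(&[b"vault"], program_id);
invoke(&withdraw_ix, &[vault.clone(), authority.clone(), token_program.clone()])?;
"""

if __name__ == "__main__":  # demo: report on the two vulnerable samples
    for sample, rules in ((VULNERABLE_TEAL, TEAL_LOGICSIG_RULES), (VULNERABLE_RS, SOLANA_RULES)):
        for name, line, msg in scan(sample, rules):
            print(f"line {line}: {name}: {msg}")
```

On the vulnerable samples the scanner reports the missing RekeyTo, Fee and CloseRemainderTo checks in the TEAL program and the missing signer, owner, canonical-bump and CPI-target checks in the Rust handler; on the hardened samples it reports nothing. Because the match is file scoped, a guard in an unrelated function silences the rule, so treat a clean result as "nothing obviously absent" rather than "verified": dedicated tools such as Tealer and the Solana lints work on control flow rather than text and are the stronger check where available.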
Substrate Vulnerability Scanner
Skill: /substrate-vulnerability-scanner
Analyzes Substrate pallets for 7 security issues:
- BadOrigin handling
- Insufficient weight calculations
- Panics on overflow
- Unsigned transaction validation
- Storage manipulation
- Runtime upgrade issues
- Extrinsic validation bypass
TON Vulnerability Scanner
Skill: /ton-vulnerability-scanner
Detects vulnerabilities in TON smart contracts for 3 patterns:
- Replay protection failures
- Unprotected receiver functions
- Sender validation issues
Development Guidelines Assistants
Based on Trail of Bits’ Development Guidelines.
Audit Prep Assistant
Skill: /audit-prep-assistant
Prepare your codebase for security reviews with a comprehensive 4-step checklist:
- Set Review Goals - Define security objectives and areas of concern
- Resolve Easy Issues - Run static analysis (Slither, dylint, golangci-lint) and fix low-hanging fruit
- Ensure Accessibility - Create build instructions, freeze commits, clarify scope
- Generate Documentation - Create flowcharts, user stories, glossaries, and inline comments
Code Maturity Assessor
Skill: /code-maturity-assessor
Systematic code maturity evaluation using Trail of Bits’ 9-category framework:
- Arithmetic safety
- Auditing practices
- Authentication/Access controls
- Complexity management
- Decentralization
- Documentation quality
- Transaction ordering risks
- Low-level manipulation
- Testing and verification
Guidelines Advisor
Skill: /guidelines-advisor
Comprehensive development best practices advisor covering:
- Documentation & Specifications - Generate system descriptions and architectural diagrams
- Architecture Analysis - Optimize on-chain/off-chain distribution
- Upgradeability Review - Assess upgrade patterns and delegatecall proxies
- Implementation Quality - Review functions, inheritance, events
- Common Pitfalls - Identify security anti-patterns
- Dependencies - Evaluate library usage
- Testing - Suggest test improvements
Secure Workflow Guide
Skill: /secure-workflow-guide
Interactive 5-step secure development workflow:
- Known Security Issues - Run Slither with 70+ detectors
- Special Features - Check upgradeability, ERC conformance, token integration
- Visual Inspection - Generate inheritance graphs, function summaries, authorization maps
- Security Properties - Document properties, set up Echidna/Manticore
- Manual Review - Analyze privacy, front-running, cryptography, DeFi risks
Token Integration Analyzer
Skill: /token-integration-analyzer
Comprehensive token security analysis for both implementations and integrations:
- ERC20/ERC721 Conformity - Validate standard compliance
- Contract Composition - Assess complexity and SafeMath usage
- Owner Privileges - Review upgradeability, minting, pausability, blacklists
- 20+ Weird Token Patterns - Check for non-standard behaviors:
  - Missing return values
  - Fee-on-transfer tokens
  - Rebasing tokens
  - Double entry point tokens
  - Flash mintable tokens
  - Revert on zero-value transfers
- On-chain Analysis - Query deployed contracts for scarcity and distribution
- Integration Safety - Verify defensive patterns and safe transfer usage
Usage Examples
Pre-Audit Preparation Workflow
Platform-Specific Security Review
For a Solana project:
Token Development
Continuous Security Integration
Tool Integration
Many skills leverage security tools when available:
- Slither - Static analysis for Solidity (70+ detectors, visual diagrams, upgradeability checks)
- Echidna - Property-based fuzzing for Ethereum contracts
- Manticore - Symbolic execution for deep analysis
- Tealer - Static analyzer for TEAL/PyTeal (Algorand)
- Web3/Ethers - On-chain queries for deployed contracts
- dylint - Linter framework for Rust-based contracts
- golangci-lint - Comprehensive linter for Go (Cosmos)
Skills gracefully adapt when tools are unavailable, performing manual analysis instead. However, tool-assisted analysis is more thorough and faster.
Source Material
This plugin is based on Trail of Bits’ open-source security resources:
- Building Secure Contracts - Comprehensive security guidelines
- Not So Smart Contracts - Common vulnerability patterns
- Weird ERC20 - Non-standard token behaviors
Related Skills
Complement this plugin with other Trail of Bits skills:
- audit-context-building - Build deep architectural context before vulnerability hunting
- issue-writer - Transform findings into professional audit reports
- solidity-poc-builder - Build proof-of-concept exploits for Solidity vulnerabilities
Support
For questions or issues:
- Trail of Bits Office Hours - Every Tuesday
- Empire Hacking Slack - #crytic and #ethereum channels